Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 30th, 2009

Cross-site Scripting Vulnerability Found In MI5 Website By A Hacker

MI5 has closed up a flaw on its website that could have opened up visitors to malicious attacks, the UK intelligence agency said. The website suffered a cross-site scripting vulnerability that could have allowed hackers to inject code into the site and redirect users to malicious pages, MI5 admitted on Wednesday.

However, the government service insisted the website had been secured quickly, and that at no time had any intelligence operatives been exposed by the hack. “MI5 takes security very seriously,” the intelligence agency told ZDNet UK. “The website is secure and hosted in a high-security environment.”

Last week, a hacker with the handle ‘[-TE-]-Neo’ wrote that the MI5 website was vulnerable to cross-site scripting and Iframe injection. The hacker put the post on the Team Elite hacker forum last Tuesday, claiming the site was breachable through the search engine.

The MI5 site uses an embedded Google search engine, said a spokesperson for the agency, who also confirmed that the site had been vulnerable through the search tool. However, the website is hosted separately from MI5′s back-end systems and is not connected to sensitive data, the spokesperson added.

Once MI5 was informed of the vulnerability, it took action to remedy the situation, said the spokesperson. The flaw was not maliciously exploited and had been limited to that search engine.

Credit: Security News

Share this item with others:

More on CyberInsecure:
  • Cross-Site Scripting Vulnerability On Paypal Could Be Used In Phishing Attacks
  • Cross-site Scripting Vulnerability On Yahoo’s HotJobs Site Exposes Yahoo Accounts
  • Vulnerabilities In Both Principal London Mayoral Election Candidates Websites
  • New Cross-Site Scripting Vulnerability Found On Facebook
  • Another Cross-Site Scripting Vulnerability On eBay Domain Sites Allows Phishing

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Cross-site Scripting Vulnerability Found In MI5 Website By A Hacker

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.